By Michael O’Dwyer
Twenty-six billion devices—from trucks, to appliances, to manufacturing equipment—will be connected to the Internet by 2020, according to a recent forecast by Gartner.
Adoption of connected devices and sensors as part of the growing Internet of Things (IoT) is increasing, in particular, in the manufacturing industry, raising worries that if hackers are able to link together equipment and sensors they could easily cause significant damage.
“The damage possible will depend on the motives involved, whether gathering of information or more sinister objectives aimed at damaging critical equipment in power stations, for example,” says Aurelius Wosylus, director business development, embedded markets at SafeNet Inc., a global data protection company with headquarters in Belcamp, Md.
Hypothetically, if a sensor or controller at an automobile plant were hacked, access to the network could be possible, allowing an attacker to send false data to the robots on the assembly line.
Instruct these robots to omit or compromise a single weld and vehicle safety is impacted, resulting in an expensive product recall, says Wosylus.
“It is bad enough when insecure computers can be hijacked and used in distributed denial of service attacks. It is, however, a different type of risk when valve controllers, pressure meters and other ‘smart sensors’ can be manipulated or disabled, potentially leading to disastrous consequences,” says Edgar Danielyan, a veteran security architect and principal consultant at JUMPSEC, a Surrey, U.K.-based provider of ethical hacking, penetration testing and security services.
Controlling and monitoring IT systems in manufacturing environments can be a difficult task because support staff are often not aware of the potential security problems. As a result, they may neglect to encrypt or restrict access to data and communication paths between devices.
“Gaining access to the data or the control capabilities of industrial IoT systems has been easy in many past cases because end-to-end security has not been taken seriously enough by the system implementers or operators — or both,” says Jon Howes, technology director at Beecham Research Ltd., a Cambridge, U.K.-based machine to machine (M2M) and IoT market research, analysis and consulting firm.
“Like other embedded systems, devices in the so-called Internet of Things are more difficult to secure and update,” says JUMPSEC’s Danielyan. “Limited computing resources, often coupled with lack of proactive management of security updates and configuration settings, may lead to situations when large numbers of devices are deployed without any real security or ability to update their software once deployed.”
Luckily, proactive measures can be taken.
In an encrypted environment, hackers can find it more difficult to reverse engineer applications or remotely determine the specifics of an IT infrastructure. Data encryption should extend to all links between devices, with authentication codes solely linked to corresponding hardware. This can prevent hackers from communicating with manufacturing execution systems to control other equipment, whether sensors or controllers, says SafeNet’s Wosylus.
This is more difficult to achieve than it sounds, though, because threats evolve on a weekly basis.
“Leading IoT market players are therefore recognizing that they must work toward systems where the connected smart devices and even the sensors can have their security capabilities upgraded remotely,” says Beecham’s Howes. “Of course, addressing those upgrade problems opens up the systems to new potential attacks [because a remote connection is involved],” adds Howes.
As security companies, analysts and device manufacturers work together, they will be able to better detect and patch potential vulnerabilities before and after product launch, making new exploits unlikely for all but the most determined and well-financed hacker.
Michael O’Dwyer is a freelance writer living in Hong Kong. He spent over 15 years in the electronics industry, managing information technology, process improvement and supply chains. Michael writes for a variety of online portals on IT and related topics.
